Hostname in Firewall

sinabox · August 8, 2012, 9:44am

Hi
I have a RB493G and I have two internet services from two deferent ISPs with two deferent IP Ranges , one of them 80.X.X.X/24 and the other one 31.X.X.X/24 . in IP route I wrote this :
/ip route add dst-address=0.0.0.0/0 gateway=31.X.X.1
So , There are some websites that I should pay money to get access for my Ip addresses , I payed before for 80.X.X.X/24 and now I want a rule for my clients that if they send request to those websites then mikrotik use 80.X.X.X/24 ip addresses but the other web sites use 31.X.X.X/24 .
I tried using just ip address of that websites but some of them have several servers with deferent ip addresses which is difficult to resolve all of them myself .
I need something in Mikrotik that could write a rule like this :
/ip fire wall nat add chain=dstnat dst-address=*.mikrotik.com action=netmap to-addresses=80.X.X.X
or
/ip firewall nat add chain=dstnat dst-address=www.mikrotik.com action=netmap to-addresses=80.X.X.X
Can any one help me ?!

greencomputing · August 8, 2012, 12:17pm

Hi sir

you can implement the requirement using routing marking, having a firewall mangle rule that will mark the packets with destination ip = pay4surf website ip

here you have a procedure to force the traffic to site with ip xx.yy.zz.ww going trough the ISP for which you already payed.

apply routing mark to packets outgoing to the public Internet with destination ip = xx.yy.zz.ww

/ip firewall mangle 
add action=mark-routing chain=prerouting disabled=yes dst-address=xx.yy.zz.ww dst-address-type=!local new-routing-mark=ISP-PAYED-RT  passthrough=no

Add as gateway that will be used specifically for packet marked with ISP-PAYED-RT mark the agtewy you want 80.X.X.1 :

/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=80.X.X.1 routing-mark= ISP-PAYED-RT scope=30 target-scope=10

After inserting these rules, you will see clients request to ip xx.yy.zz.ww going trough the gateway 80.x.x.1.

Hoping it will help you
have a nice day

sinabox · August 11, 2012, 6:55am

greencomputing:

Hi sir

you can implement the requirement using routing marking, having a firewall mangle rule that will mark the packets with destination ip = pay4surf website ip

here you have a procedure to force the traffic to site with ip xx.yy.zz.ww going trough the ISP for which you already payed.

apply routing mark to packets outgoing to the public Internet with destination ip = xx.yy.zz.ww
/ip firewall mangle 
add action=mark-routing chain=prerouting disabled=yes dst-address=xx.yy.zz.ww dst-address-type=!local new-routing-mark=ISP-PAYED-RT  passthrough=no
Add as gateway that will be used specifically for packet marked with ISP-PAYED-RT mark the agtewy you want 80.X.X.1 :
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=80.X.X.1 routing-mark= ISP-PAYED-RT scope=30 target-scope=10
After inserting these rules, you will see clients request to ip xx.yy.zz.ww going trough the gateway 80.x.x.1.

Hoping it will help you
have a nice day

Thanks for your replay
my problem is resolving websites urls to ip addresses ,for example , a web site like www.example.com returns 192.168.1.1 but sub.example.com returns 192.168.20.2 and app.example.com returns 192.168.200.1 …
so i need some rules that I can use *.example.com .
thanks again